Description
Cross-site scripting (XSS) vulnerability in the nonjs interface (interfaces/nonjs.pm) in CGI:IRC before 0.5.10 allows remote attackers to inject arbitrary web script or HTML via the R parameter.
Affected products
- cgiirc / cgi:irc 0.5.9
- cgiirc / cgi:irc 0.1 – 0.1
- cgiirc / cgi:irc 0.2 – 0.2
- cgiirc / cgi:irc 0.2.1 – 0.2.1
- cgiirc / cgi:irc 0.3 – 0.3
- cgiirc / cgi:irc 0.3.1 – 0.3.1
- cgiirc / cgi:irc 0.3.2 – 0.3.2
- cgiirc / cgi:irc 0.3.3 – 0.3.3
- cgiirc / cgi:irc 0.3.3_pre1 – 0.3.3_pre1
- cgiirc / cgi:irc 0.3.4 – 0.3.4
- cgiirc / cgi:irc 0.3.5 – 0.3.5
- cgiirc / cgi:irc 0.3.5b – 0.3.5b
- cgiirc / cgi:irc 0.3.6 – 0.3.6
- cgiirc / cgi:irc 0.3.7 – 0.3.7
- cgiirc / cgi:irc 0.3_pre1 – 0.3_pre1
- cgiirc / cgi:irc 0.3_pre2 – 0.3_pre2
- cgiirc / cgi:irc 0.4 – 0.4
- cgiirc / cgi:irc 0.4.1 – 0.4.1
- cgiirc / cgi:irc 0.4.2 – 0.4.2
- cgiirc / cgi:irc 0.4.3 – 0.4.3
- cgiirc / cgi:irc 0.5 – 0.5
- cgiirc / cgi:irc 0.5.1 – 0.5.1
- cgiirc / cgi:irc 0.5.2 – 0.5.2
- cgiirc / cgi:irc 0.5.3 – 0.5.3
- cgiirc / cgi:irc 0.5.4 – 0.5.4
- cgiirc / cgi:irc 0.5.5 – 0.5.5
- cgiirc / cgi:irc 0.5.6 – 0.5.6
- cgiirc / cgi:irc 0.5.7 – 0.5.7
- cgiirc / cgi:irc 0.5.8 – 0.5.8
References
- VENDOR_ADVISORY: http://www.debian.org/security/2011/dsa-2158
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2011/0346
- MISC: http://sourceforge.net/mailarchive/message.php?msg_id=27024589
- MISC: http://securityreason.com/securityalert/8097
- MISC: http://www.securityfocus.com/archive/1/516328/100/0/threaded
- VENDOR_ADVISORY: http://secunia.com/advisories/43217
- MISC: http://osvdb.org/70844